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Amendments to the Claims: 

This listing of claims replaces all prior versions and listings of the claims in this 
application. 

Listing of Claims: 

1 . (Previously Presented): A method for dynamically tracking a user session in order 
to authenticate and authorize a computer user, the method comprising the steps of: 

a. storing security information for a plurality of computer users in a user profile 

database; 

b. receiving at an authorization server coupled with the user profile database log- 

in information from the computer user who has launched a computer 
application; 

c. in response to step b, creating a Session ID for the computer user with the 

authorization server; 

d. storing at least a portion of the Session ID on the user's computer; 

e. also in response to step b, creating an object associated with the computer user 

or the Session ID; 

f. storing the object dynamically in a directory coupled with the authorization 

server; 

g. copying at least some of the security information relating to the computer user 

from the user profile database to the object in the directory; 

h. comparing the log-in information entered by the computer user to the security 

information for the computer user and allowing the computer user 
access to the launched computer application if the user is an 
authenticated or authorized user of the computer application; and 

i. permitting other computer applications launched by the computer user to 

reference the Session ID on the user's computer so that the other 
computer applications may access the object for the computer user on 
the directory to authenticate or authorize the user for the other computer 
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applications without requiring the user to re-enter the log-in 
information. 

2. (Original): The method as set forth in claim 1, the security information including 
authentication and authorization information. 

3 . (Original): The method as set forth in claim 2, the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, pubhc- 
key data, certificates, and access control information. 

4. (Previously Presented): The method as set forth in claim 1, the Session ID being 
based on at least one of the following: a date on which the computer user launched the 
computer application; a time in which the computer user launched the computer application; 
a TCP/IP address of the computer user; and a user name of the computer user. 

5. (Original): The method as set forth in claim 1, further including the steps of 
creating a shopping cart and storing the shopping cart along with the object in the directory. 

6. (Original): The method as set forth in claim 5, further including the steps of 
allowing the user to select items to be purchased and storing information relating to the 
selected items in the shopping cart. 



3 



Application No. 09/664,893 
Amendment dated September 28, 2004 ' 
Reply to Office action of June 30, 2004 

7. (Previously Presented): A system for dynamically tracking a user session in order 
to authenticate and authorize a computer user, the system comprising: 

a user profile database for storing security information for a plurality of computer 
users; 

an authorization server coupled with the user profile database for receiving log-in 
information from a computer user who has launched a computer application, 
for creating a Session ID for the computer user, for storing at least a portion 
of the Session ID on the user's computer and for creating an object associated 
with the computer user or the Session ID; and 

a directory coupled with the authorization server for dynamically storing the object 
created by the authorization server, 

the authorization server being further operable for copying at least some of the 
security information relating to the computer user from the user profile 
database to the object in the directory, comparing log information entered by 
the computer user to the security information for the computer user and 
allowing the computer user access to the launched computer application if the 
user is an authenticated or authorized user of the computer application, 
permitting other computer applications launched by the computer user to 
reference the Session ID on the user's computer so that the other computer 
applications may access the object for the computer user on the directory to 
authenticate or authorize the user for the other computer applications without 
requiring the user to re-enter the log-in information. 

8. (Original): The system as set forth in claim 7, the security information including 
authentication and authorization information. 

9. (Original): The system as set forth in claim 8, the authentication and authorization 
information including at least one of the following: user names, user IDs, passwords, public- 
key data, certificates, and access control information. 
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10. (Previously Presented): The system as set forth in claim 7, the Session ID being 
based on at least one of the following: a date on which the computer user launched the 
computer application; a time in which the computer user launched the computer application; 
a TCP/IP address of the computer user; and a user name of the computer user. 

1 1 . (Previously Presented): The system as set forth in claim 7, the authorization server 
being further operable for creating a shopping cart and storing the shopping cart along with 
the object in the directory. 

12. (Previously Presented): The system as set forth in claim 1 1, the authorization 
server being further operable for allowing the user to select items to be purchased and storing 
information relating to the selected items in the shopping cart. 
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13. (New) A method of utilizing an authorization server for dynamically tracking a 
user session in order to authenticate and authorize a computer user, the method comprising 
the steps of: 

a. receiving a log-in from the computer user; 

b. creating a unique session ID for the user after log-in; 

c. storing data representative of at least a portion of the session ID on the user's 
computer; 

d. creating an object corresponding to the unique session ID and storing the 
object on the authorization server; 

e. allowing a first application executed by the user to authenticate the user, 
wherein the first application authenticates the user by accessing the data 
representative of at least a portion of the session ID stored on the user 
computer and providing the data representative of at least a portion of the 
session ID to the authorization server; and 

f allowing the first appUcation executed by the user to modify the object after 
the user is authenticated. 

14. (New) The method of claim 13, wherein the first application modifies the object 
by accessing the data representative of at least a portion of the session ID stored on the user 
computer and providing the data representative of at least a portion of the session ID to the 
authorization server. 

15. (New) The method of claim 13, wherein step (f) includes modifying the object 
to reflect items selected by the user for purchase. 

16. (New) The method of claim 13, further including the step of allowing a second 
application to authenticate the user, wherein the second application authenticates the user by 
accessing the data representative of at least a portion of the session ID stored on the user 
computer and providing the data representative of at least a portion of the session ID to the 
authorization server. 
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17. (New) The method of claim 16, further including the step of allowing the second 
appUcation executed by the user to modify the object after the user is authenticated, wherein 
the second application modifies the object by accessing the data representative of at least a 
portion of the session ID stored on the user computer and providing the data representative 
of at least a portion of the session ID to the authorization server. 

1 8. (New) The method of claim 16, fiirther including the step of allowing the second 
application to access the object such that the second application is operable to utilize the 
modifications generated by the first application. 

19. (New) The method of claim 16, wherein the first application is executed utilizing 
a first third-party server and the second application is executed utilizing a second third-party 
server. 

20. (New) The method of claim 13, further including the step of allowing the user to 
modify the object by utilizing the first application. 
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